Newsletters Welcome, Guest Log In | Register
Home:

Interviews

< Previous | Next >

Subscribe

Sign up now and get the best business technology insights direct to your inbox.

  • Daily Edge
  • CTO Edge Update
  • Business Tools & Templates
  • Aligning IT & Business Goals
  • Maximizing IT Investments

0

The Dangers of Unchecked Administrative Privileges

by Carl Weinschenk, IT Business Edge
Jun 30, 2008 12:00:00 AM

 

Carl Weinschenk spoke with Mark Fullbrook, director for the UK and Ireland, Cyber-Ark, about a Cyber-Ark survey on administrative privileges and the dangers they can create. The survey found that about a third of IT personnel   queried admitted to using their administrative privileges to access data that they shouldn't.

 

Weinschenk: What did the survey show?
Fullbrook: Essentially, it was a survey conducted at The Infosecurity Europe exhibition at the end of April. We asked a series of questions concerning administrative privileges, what senior people did with those privileges, and how they interacted with sensitive information. The primary thing that came out of that survey was the very interesting fact that about one-third answered affirmatively to the question: “Have you ever used administrative privileges to access information not relevant to your role?”

 

Weinschenk: That’s a frightening result.
Fullbrook: A lot of people around the blogosphere picked up on that. ZDNet Europe asked a question along the same lines and 34 percent of 450 responders said yes. That backs up our responses. We asked about the prevalence of industrial espionage in the organization. There were some interesting results of that. When we asked people whether they are aware of what we would call people deliberately taking data outside the organization, we saw some interesting results. We will use that in a future press release. [All I’ll say is] if it was a very low number, we wouldn’t have been interested.

 

Weinschenk: Have you done anything like this before?
Fullbrook: We had a similar survey a couple of times before. The reason for the survey is to get publicity around this massive problem. I think there is a consistent downward trend, due to the increased uptake of technology to manage the issue. It is driven by things like SOX and HIPAA, which covers how you deal with privileged information.

 

Weinschenk: Was the survey just European?
Fullbrook: It was European, no U.S. input, but the cross section of companies is global. So it had IT administrators of some of the biggest companies in the world. I would say it’s absolutely a global phenomenon.

 

Weinschenk: Budgets are strapped. Does this problem absolutely require investment or are there other ways to approach it?
Fullbrook: Can you control this type of access without investing in technology? Yes, you can change passwords, you can use physical safes and put passwords in them and make people ask for them. You can do it with these and other procedures.


Previous Page Next Page

Related Content

Add a comment Leave a comment on this blog post.

There are no comments on this post

Related Content

Browse

Topic: Internal Threat

The internal threat echoes Walt Kelly's Pogo: 'We have met the enemy, and he is us'

Blog: Closing the Security Gap

Article: The Expanding Footprint of the Privileged Identity Management Challenge

White Paper: Stopping Insider Attacks: How Organizations Can Protect Their Sensitive Information

Related Topics

Authentication Systems, Data Security, Identity Management, Network Access Control, Passwords

Featured White Papers

Browse

Software Forum: Information On Demand Virtual Experience

This interactive virtual forum presents leading IT experts providing the insights you need to turn your information into a strategic driver for innovation, business optimization and competitive differentiation.

Performance Under Pressure: The State of Enterprise Web Application Quality and Availability

This research study finds that Web application issues are an all-too-common problem and examines these Web-based enterprise application issues from two perspectives: that of an online customer and that of a site manager.

Resource Centers

Browse

Security Information and Event Management

Best practices, strategies and technologies to help you use security information and event log management efficiently and effectively in order to get business value in terms of increased security, reduced risk, regulatory compliance and increased business agility.

Featured Whitepapers

The Top Ten Insider Threats and How to Prevent Them

Premium Tools

Browse

All About Reducing Your IT Costs

Looking to cut costs? Use this research-driven Excel tool to pinpoint which IT cost reduction measures best fit your needs.

Learn more >

Budget & Finance Toolkit for IT - 2010 Edition

What kind of year are you planning in 2010?  Growth or continued "survival mode"?  Download a comprehensive collection of templates, forms, instruction and advice that will help you to plan and submit your 2010 IT Budget.

Learn more >